<?php

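	// Resume the visitor's session and open the database connection that the
	// rest of this script relies on (connect_APO() is provided by connect.php).
	session_start();
	require("connect.php");
	$link = connect_APO();

	// Only a logged-in user may change a password.
	// Two fixes compared with the earlier check:
	//  - isset($_SESSION['ID']) replaces session_is_registered(), which was
	//    removed in PHP 5.4, and matches how the ID is read further down.
	//  - exit follows the redirect. header() only queues a response header,
	//    so without it the password-change logic below would still run for a
	//    visitor who has no session.
	if (!isset($_SESSION['ID'])) {
		header('Location: login.php?msg=requires_login');
		exit;
	}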
	
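	// Emit the shared page header (headerL() is provided by header+logoutB.php).
	require("header+logoutB.php");
	headerL();

	// Read the submitted form fields. A missing field, or a non-string value
	// such as an array parameter, is treated as an empty string so that the
	// comparison and escaping below always operate on strings.
	$old  = (isset($_POST['oldPassword'])  && is_string($_POST['oldPassword']))  ? $_POST['oldPassword']  : '';
	$new1 = (isset($_POST['newPassword1']) && is_string($_POST['newPassword1'])) ? $_POST['newPassword1'] : '';
	$new2 = (isset($_POST['newPassword2']) && is_string($_POST['newPassword2'])) ? $_POST['newPassword2'] : '';

	// $error codes used by the rendering code further down:
	//   0 = no problem, 1 = the two new passwords differ,
	//   2 = the old password did not verify (takes precedence over 1).
	$error = 0;
	if ($new1 !== $new2) {
		$error = 1;
	}

	$ID = $_SESSION['ID'];

	// Verify the old password against the stored value. Both values placed in
	// the statement are escaped; the session ID was previously interpolated
	// as-is.
	// NOTE(review): MySQL documents PASSWORD() as intended for the server's
	// own account system, not for application passwords, and it was removed
	// in MySQL 8.0. Moving to password_hash()/password_verify() needs a
	// migration of the stored values, so it is not changed here.
	$sql = sprintf(
		"SELECT * FROM `users` WHERE ID='%s' AND Pass=PASSWORD('%s') limit 1",
		mysql_real_escape_string($ID),
		mysql_real_escape_string($old)
	);

	$query = mysql_query($sql);
	// A failed query (false) is treated like a non-matching password rather
	// than being handed to mysql_num_rows().
	if ($query === false || 1 != mysql_num_rows($query)) {
		$error = 2;
	}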
	
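	// Opening markup of the result page; the message <div> is written into
	// the 'contentf' container below.
	echo "<html>
<body class='main'>

<FONT class='mainFont'>
  <CENTER>
    <!--<p><img src = 'images/apopic.jpg'></p>-->
    <br>
	<br>
	  <div class='headerTable'>
	  <b class='b1f'></b><b class='b2f'></b><b class='b3f'></b><b class='b4f'></b>
	  <div class='contentf'>";
	  
	  // $error is set by the validation code earlier in the script:
	  // 1 = new passwords differ, 2 = old password did not verify.
	  if ($error == 1){
		echo "<div>New passwords did not match. Password not changed.</div>";
	  } else if ($error == 2){
		echo "<div>The old password you entered did not match the one in the database. Password not changed.</div>";
	  } else {
		// Both values are escaped with mysql_real_escape_string(), which
		// honours the connection character set; the deprecated
		// mysql_escape_string() does not, and the session ID was previously
		// interpolated without escaping.
		// NOTE(review): PASSWORD() is MySQL's internal hashing function and
		// is not meant for application passwords; replacing it requires
		// migrating the stored values.
		$sql = sprintf(
			"UPDATE `users` SET `Pass`=PASSWORD('%s') WHERE `users`.`ID` = '%s'",
			mysql_real_escape_string($new1),
			mysql_real_escape_string($_SESSION['ID'])
		);
		$query = mysql_query($sql);
		// Report success only when the UPDATE actually ran; the database
		// error text is deliberately not shown to the user.
		if ($query === false) {
			echo "<div>Password could not be changed because of a database error. Please try again.</div>";
		} else {
			echo "<div>Password changed successfully.</div>";
		}
	  }
	  
	  // Closing markup, reproduced unchanged.
	  echo "</div><b class='b4f'></b><b class='b3f'></b><b class='b2f'></b><b class='b1f'></b>
		</div>
	</center>
</font>
</body>
</head>
</html>";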

	// Emit the shared page footer (footer() is provided by footer.php).
	require "footer.php";
	footer();

	// Release the database connection obtained from connect_APO().
	mysql_close($link);
?>
